5.3
CVE-2026-23829
- EPSS 1.44%
- Veröffentlicht 18.01.2026 23:23:04
- Zuletzt bearbeitet 23.02.2026 17:29:31
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginMailpit has SMTP Header Injection via Regex Bypass
Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can inject arbitrary SMTP headers (or corrupt existing ones) by including carriage return characters (`\r`) in the email address. This header injection occurs because the regex intended to filter control characters fails to exclude `\r` and `\n` when used inside a character class. Version 1.28.3 fixes this issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.44% | 0.698 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c
https://github.com/axllent/mailpit/commit/36cc06c125954dec6673219dafa084e13cc14534
https://github.com/axllent/mailpit/releases/tag/v1.28.3